๐Ÿ” CVE Alert

CVE-2024-49982

UNKNOWN 0.0

aoe: fix the potential use-after-free problem in more places

CVSS Score: 0.0
EPSS Score: 0.0%
EPSS Percentile: 0th

In the Linux kernel, the following vulnerability has been resolved:

aoe: fix the potential use-after-free problem in more places

For fixing CVE-2023-6270, f98364e92662 ("aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts") makes tx() calling dev_put() instead of doing in aoecmd_cfg_pkts(). It avoids that the tx() runs into use-after-free.

Then Nicolai Stange found more places in aoe have potential use-after-free problem with tx(). e.g. revalidate(), aoecmd_ata_rw(), resend(), probe() and aoecmd_cfg_rsp(). Those functions also use aoenet_xmit() to push packet to tx queue. So they should also use dev_hold() to increase the refcnt of skb->dev.

On the other hand, moving dev_put() to tx() causes that the refcnt of skb->dev be reduced to a negative value, because corresponding dev_hold() are not called in revalidate(), aoecmd_ata_rw(), resend(), probe(), and aoecmd_cfg_rsp(). This patch fixed this issue.
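The reference-count pairing described above, as an added userspace model in C (not kernel code, and not taken from the advisory or the patch). The `_m` functions, the fixed-size queue and the starting count of 1 are constructed stand-ins for `dev_hold()`, `dev_put()`, `aoenet_xmit()` and `tx()`.

```c
#include <stdio.h>

/* Constructed stand-ins for struct net_device and struct sk_buff. */
struct netdev { int refcnt; };
struct pkt    { struct netdev *dev; };

static void dev_hold_m(struct netdev *d) { d->refcnt++; }
static void dev_put_m(struct netdev *d)  { d->refcnt--; }

#define QLEN 8                      /* model only: callers queue <= QLEN */
static struct pkt queue[QLEN];
static int qhead, qtail;

/* Model of aoenet_xmit(): only queues the packet; tx() runs later. */
static void xmit_m(struct netdev *d) { queue[qtail++ % QLEN].dev = d; }

/* Model of tx() after f98364e92662: one dev_put() per packet sent. */
static void tx_m(void)
{
    while (qhead != qtail)
        dev_put_m(queue[qhead++ % QLEN].dev);
}

/* Caller that queues without taking a reference (the remaining call sites). */
static void send_unbalanced(struct netdev *d) { xmit_m(d); }

/* Caller that takes a reference before queueing (the pairing the fix adds). */
static void send_balanced(struct netdev *d) { dev_hold_m(d); xmit_m(d); }

/* Queue n packets through `send`, drain with tx_m(), return refcount drift. */
static int refcnt_delta(void (*send)(struct netdev *), int n)
{
    struct netdev d = { .refcnt = 1 };  /* 1 = the owner's own reference */
    qhead = qtail = 0;
    for (int i = 0; i < n; i++)
        send(&d);
    tx_m();
    return d.refcnt - 1;                /* 0 means hold/put are balanced */
}

int main(void)
{
    printf("unbalanced drift: %d\n", refcnt_delta(send_unbalanced, 3));
    printf("balanced drift:   %d\n", refcnt_delta(send_balanced, 3));
    return 0;
}
```

A negative drift in the model corresponds to the underflow the description mentions: each queued packet costs one `dev_put()` in `tx()`, so every path that queues must have taken its own reference first.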

Vendor linux
Product linux
Published Oct 21, 2024
Last Updated May 11, 2026
Affected Versions

Linux / Linux
6.9

References

git.kernel.org: https://git.kernel.org/stable/c/12f7b89dd72b25da4eeaa22097877963cad6418e
git.kernel.org: https://git.kernel.org/stable/c/a786265aecf39015418e4f930cc1c14603a01490
git.kernel.org: https://git.kernel.org/stable/c/f63461af2c1a86af4217910e47a5c46e3372e645
git.kernel.org: https://git.kernel.org/stable/c/07b418d50ccbbca7e5d87a3a0d41d436cefebf79
git.kernel.org: https://git.kernel.org/stable/c/bc2cbf7525ac288e07d465f5a1d8cb8fb9599254
git.kernel.org: https://git.kernel.org/stable/c/acc5103a0a8c200a52af7d732c36a8477436a3d3
git.kernel.org: https://git.kernel.org/stable/c/89d9a69ae0c667e4d9d028028e2dcc837bae626f
git.kernel.org: https://git.kernel.org/stable/c/8253a60c89ec35c8f36fb2cc08cdf854c7a3eb58
git.kernel.org: https://git.kernel.org/stable/c/6d6e54fc71ad1ab0a87047fd9c211e75d86084a3
lists.debian.org: https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
lists.debian.org: https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html